Merge branch 'main' into general-version-cleanup
Some checks failed
Validate Charts / Get Charts being Changed (pull_request) Successful in 8s
Validate Charts / Audit (pull_request) Failing after 7s
Validate Charts / Lint (pull_request) Failing after 12s
Validate Charts / Outdated APIs (pull_request) Failing after 9s

Tommy 2024-11-14 21:06:21 +00:00 committed by Mooo[bot]
commit 586b1fec1f
Signed by: Mooo[bot]
GPG key ID: CF3AFE4D5B62BB9A
8 changed files with 323 additions and 20 deletions


@ -7,7 +7,7 @@ description: |
# renovate: image=us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
appVersion: "20240508"
type: application
version: 0.2.1
version: 0.2.2
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me


@ -0,0 +1,73 @@
# Recommended start size of pvc is 20GB
existingPVC: ""
existingSecretName: hashr-secret
initContainers:
dbInit:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: "16"
existingSecretName: hashr-postgres-init-secret
postgres:
hostname: "postgres-rw.databases.svc.cluster.local"
database_name: "hashr"
port: "5432"
secretName: hashr-secret
image:
repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
pullPolicy: IfNotPresent
tag: latest
# imagePullSecrets:
# - myRegistryKeySecretName
imagePullSecrets: []
hashr:
importers:
zip:
enabled: false
schedule: "0 3 * * 6"
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 50m
memory: 128Mi
aws:
# TODO: Add cronjob file!
enabled: false
schedule: "0 9 * * 1"
gcp:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 1"
gcp_projects: ""
hashr_gcp_project: ""
hashr_gcs_bucket: ""
targz:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 2"
windows:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 3"
wsus:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 4"
rpm:
enabled: false
schedule: "0 3 * * 5"
gcr:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 7"
iso9660:
enabled: false
schedule: "0 15 * * 1"
deb:
enabled: false
schedule: "0 15 * * 2"
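Review bot: `image.tag: latest` together with `pullPolicy: IfNotPresent` leaves the hashr image unpinned: a node keeps whichever build it pulled first, so different nodes can run different builds under the same tag and there is no record of which one ran. Chart.yaml in this commit already tracks `appVersion: "20240508"` through renovate, so the default could be `tag: ""` with the templates falling back to `.Chart.AppVersion`, or a digest pin. `existingPVC: ""` is used directly as `claimName` in the new templates, so the default renders an empty claim name; a `required` guard in the templates would fail early with a clear message. The same defaults are repeated in the `charts/hashr/values.yaml` section further down.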


@ -42,4 +42,11 @@ Create the upload path.
*/}}
{{- define "hashr.uploadPath" -}}
{{- printf "/data/upload" }}
{{- end }}
{{/*
Create the data path.
*/}}
{{- define "hashr.dataPath" -}}
{{- printf "/data/processing" }}
{{- end }}


@ -0,0 +1,79 @@
{{- if .Values.hashr.importers.zip.enabled -}}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ .Release.Name }}-hashr-zip
spec:
schedule: {{ .Values.hashr.importers.zip.schedule | quote }}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 2
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
metadata:
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
priorityClassName: {{ .Values.priorityClassName | default "default" }}
containers:
- name: hashr-zip
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: IfNotPresent
args:
- --logtostderr=1
- -storage
- postgres
- -exporters
- postgres
- -postgres_host
- "$(POSTGRES_HOST)"
- -postgres_port
- "$(POSTGRES_PORT)"
- -postgres_user
- "$(POSTGRES_USERNAME)"
- -postgres_password
- "$(POSTGRES_PASSWORD)"
- -postgres_db
- "$(POSTGRES_DATABASE)"
- -importers
- zip
- -zip_repo_path
- {{ (include "hashr.dataPath" .) }}/zip/
env:
- name: POSTGRES_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.postgres.secretName }}
key: POSTGRES_USERNAME
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.postgres.secretName }}
key: POSTGRES_PASSWORD
- name: POSTGRES_HOST
value: {{ .Values.postgres.host }}
- name: POSTGRES_PORT
value: {{ .Values.postgres.port }}
- name: POSTGRES_DATABASE
value: {{ .Values.postgres.database }}
volumeMounts:
- name: hashrvolume
mountPath: {{ (include "hashr.dataPath" .) | quote }}
resources:
{{- toYaml .Values.hashr.importers.zip.resources | nindent 14 }}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
restartPolicy: Never
volumes:
- name: hashrvolume
persistentVolumeClaim:
claimName: {{ .Values.existingPVC }}
readOnly: false
{{- end }}
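Review bot: The `POSTGRES_HOST` and `POSTGRES_DATABASE` entries read `.Values.postgres.host` and `.Values.postgres.database`, but the values files in this commit define `postgres.hostname` and `postgres.database_name`, so both render as empty values; the db-init Job's `INIT_POSTGRES_HOST` has the same reference. `value: {{ .Values.postgres.port }}` is also unquoted, so the string "5432" renders as a bare integer, which is not a valid env value. Suggested lines: `value: {{ .Values.postgres.hostname | quote }}`, `value: {{ .Values.postgres.port | quote }}` and `value: {{ .Values.postgres.database_name | quote }}`. Separately, `-postgres_password "$(POSTGRES_PASSWORD)"` expands the secret into the container's argument list, where it is readable from the process command line; if hashr can take the password from the environment or a file, that would be preferable.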


@ -0,0 +1,42 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "hashr.fullname" . }}-db-init
labels:
{{- include "hashr.labels" . | nindent 4 }}
spec:
template:
spec:
restartPolicy: Never
automountServiceAccountToken: false
priorityClassName: "high-priority"
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: general-db-init
image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
imagePullPolicy: IfNotPresent
env:
- name: INIT_POSTGRES_HOST
value: {{ .Values.postgres.host }}
envFrom:
- secretRef:
name: {{ .Values.initContainers.dbInit.existingSecretName }}
securityContext:
runAsUser: 1000
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
backoffLimit: 3
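Review bot: `priorityClassName: "high-priority"` is hard-coded in this Job, while the CronJob and data-manager templates in the same commit use `{{ .Values.priorityClassName | default "default" }}`; on a cluster that has no PriorityClass with that name the Job's pod is rejected at admission. Using the same values lookup would keep the three templates consistent. The container `securityContext` also omits `readOnlyRootFilesystem: true`, which the other two templates set; it is worth adding if the init image does not need to write to its root filesystem.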


@ -1,19 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ .Release.Name }}-hashr-data-manager
spec:
containers:
- name: hashr-data-manager
image: busybox:latest
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "while true; do sleep 1800; done;"]
volumeMounts:
- name: hashrvolume
mountPath: {{ (include "hashr.dataPath" .) | quote }}
restartPolicy: Always
volumes:
- name: hashrvolume
persistentVolumeClaim:
claimName: {{ include "hashr.pvc.name" . }}
readOnly: false


@ -0,0 +1,48 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ .Release.Name }}-hashr-data-manager
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
serviceAccountName: {{ include "hashr.fullname" . }}
automountServiceAccountToken: false
priorityClassName: {{ .Values.priorityClassName | default "default" }}
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
containers:
- name: hashr-data-manager
image: busybox:stable
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "while true; do sleep 1800; done;"]
volumeMounts:
- name: hashrvolume
mountPath: {{ (include "hashr.dataPath" .) | quote }}
resources:
limits:
cpu: "500m"
memory: "512Mi"
requests:
cpu: "250m"
memory: "256Mi"
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
initialDelaySeconds: 5
periodSeconds: 10
restartPolicy: Always
volumes:
- name: hashrvolume
persistentVolumeClaim:
claimName: {{ .Values.existingPVC }}
readOnly: false
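Review bot: `runAsNonRoot: true` is set on the `hashr-data-manager` container, but the image is `busybox:stable` and no `runAsUser` appears in this section; busybox images normally default to root, in which case the kubelet refuses to start the container. Adding a non-zero UID next to it, for example `runAsUser: 65534`, plus a pod-level `fsGroup` if the PVC has to stay writable, would resolve that. `initialDelaySeconds: 5` and `periodSeconds: 10` follow the seccomp profile with no probe around them; indentation is lost in this view, but they look like leftovers from a removed probe and would not validate as securityContext or container fields.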

73
charts/hashr/values.yaml Normal file

@ -0,0 +1,73 @@
# Recommended start size of pvc is 20GB
existingPVC: ""
existingSecretName: hashr-secret
initContainers:
dbInit:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: "16"
existingSecretName: hashr-postgres-init-secret
postgres:
hostname: "postgres-rw.databases.svc.cluster.local"
database_name: "hashr"
port: "5432"
secretName: hashr-secret
image:
repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
pullPolicy: IfNotPresent
tag: latest
# imagePullSecrets:
# - myRegistryKeySecretName
imagePullSecrets: []
hashr:
importers:
zip:
enabled: false
schedule: "0 3 * * 6"
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 50m
memory: 128Mi
aws:
# TODO: Add cronjob file!
enabled: false
schedule: "0 9 * * 1"
gcp:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 1"
gcp_projects: ""
hashr_gcp_project: ""
hashr_gcs_bucket: ""
targz:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 2"
windows:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 3"
wsus:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 4"
rpm:
enabled: false
schedule: "0 3 * * 5"
gcr:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 7"
iso9660:
enabled: false
schedule: "0 15 * * 1"
deb:
enabled: false
schedule: "0 15 * * 2"